496838 – rhn_package_manager won't upload signed packages

Bug 496838 - rhn_package_manager won't upload signed packages

Summary: rhn_package_manager won't upload signed packages

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Spacewalk
Classification:	Community
Component:	Proxy Server
Sub Component:
Version:	0.6
Hardware:	All
OS:	Linux
Priority:	low
Severity:	medium
Target Milestone:	---
Assignee:	Tomas Lestach
QA Contact:	Jesus M. Rodriguez
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	space06
TreeView+	depends on / blocked

Reported:	2009-04-21 12:34 UTC by Rob James
Modified:	2009-09-10 12:05 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Clones:	497059 (view as bug list)
Environment:
Last Closed:	2009-09-10 12:05:57 UTC
Embargoed:

Attachments	(Terms of Use)

Description Rob James 2009-04-21 12:34:15 UTC

Signed a package with rpm --resign. Verfied as below:

# rpm --checksig hpadu-8.26-1.noarch.rpm 
hpadu-8.26-1.noarch.rpm: (sha1) dsa sha1 md5 gpg OK

Create custom channel in Spacewalk and try to use rhn_package_manager from the Proxy to add package (tried with several different packages):

# rhn_package_manager -v --channel="rhel-x86_64-server-custom-5" hpadu-8.26-1.noarch.rpm 
Red Hat Network username: admin
Red Hat Network password: 
Connecting to https://FQDN/XP
Uploading hpadu-8.26-1.noarch.rpm
Upload error: ERROR: hpadu-8.26-1.noarch.rpm: unsigned rpm (use --nosig to force)

Using --nosig works fine:

# rhn_package_manager -v --channel="rhel-x86_64-server-custom-5" hpadu-8.26-1.noarch.rpm --nosig
Red Hat Network username: admin
Red Hat Network password: 
Connecting to https://FQDN/XP
Uploading hpadu-8.26-1.noarch.rpm
Uploading batch:
		hpadu-8.26-1.noarch.rpm
Uploaded: hpadu-8.26-1.noarch.rpm
Copying hpadu-8.26-1.noarch.rpm to /var/spool/rhn-proxy/rhn/hpadu/8.26-1/i386/hpadu-8.26-1.i386.rpm

Tried to dig into why myself but it's beyond me :/

Comment 1 Miroslav Suchý 2009-04-22 07:48:48 UTC

We did not parse the signature in our code.
The header object is created in /usr/share/rhn/common/rhn_rpm.py on line 267:
 hdr, is_source = rpm.headerFromPackage(file_desc)
So it seems that rpm-python did not correctly parse the rpm header. 

Hmm strange on RHEL4 I get even traceback:
# rpm --checksig 4Suite-1.0-3.i386.rpm
4Suite-1.0-3.i386.rpm: (sha1) dsa sha1 md5 gpg OK
# rhn_package_manager -v --channel="foo" 4Suite-1.0-3.i386.rpm
Red Hat Network username: admin
Red Hat Network password:
Connecting to http://xen30.englab.brq.redhat.com/XP
Uploading 4Suite-1.0-3.i386.rpm
Traceback (most recent call last):
  File "/usr/bin/rhn_package_manager", line 28, in ?
    rhn_package_manager.main()
  File "/usr/share/rhn/PackageManager/rhn_package_manager.py", line 125, in main
    upload.uploadHeaders()
  File "/usr/share/rhn/PackageManager/uploadLib.py", line 343, in uploadHeaders
    verbose=self.options.verbose, nosig=self.options.nosig)
  File "/usr/share/rhn/PackageManager/uploadLib.py", line 469, in _processBatch
    nosig=nosig)
  File "/usr/share/rhn/PackageManager/uploadLib.py", line 424, in _processFile
    h = get_header(None, f.fileno(), source)
  File "/usr/share/rhn/PackageManager/uploadLib.py", line 619, in get_header
    h = rhn_rpm.get_package_header(filename=file, fd=fildes)
  File "/usr/share/rhn/common/rhn_rpm.py", line 274, in get_package_header
    hdr, offset = rpm.readHeaderFromFD(file_desc)
AttributeError: 'module' object has no attribute 'readHeaderFromFD'

Comment 2 Brandon Perkins 2009-04-23 16:07:51 UTC

Removing bug 496838 blocks bug 497059.

Comment 3 Tomas Lestach 2009-05-26 11:56:49 UTC

What I tried was:

I registered my client to the Proxy.
I created a custom channel and I subscribed my client to this channel. 

I downloaded couple of different packages from different repositories.

====================================================================
on proxy:

# rpm --resign <package>.rpm 
Enter pass phrase: 
Pass phrase is good.
<package>.rpm:
gpg: WARNING: standard input reopened
gpg: WARNING: standard input reopened
# rpm --checksig <package>.rpm 
<package>.rpm: (sha1) dsa sha1 md5 gpg OK
(
I verified the signature owner by comparing the key ID
# rpm -v --checksig <package>.rpm
and
# gpg -K
)
# gpg --export -a <key_owner> > RPM-GPG-KEY-ko
# scp RPM-GPG-KEY-ko client:/tmp/

# rhn_package_manager -v --channel=<custom_channel> <package>.rpm
Red Hat Network username: <username>
Red Hat Network password: 
Connecting to https://<spacewalk_server>/XP
Uploading <package>.rpm
Uploading batch:
		<package>.rpm
Uploaded: <package>.rpm
Copying <package>.rpm to /var/spool/rhn-proxy/rhn/<package_name>/<package_version>/<package_arch>/<package>.rpm
====================================================================
on client:

# rpm --import /tmp/RPM-GPG-KEY-ko
# yum clean all
# yum install -y <package>.rpm
====================================================================

What did you do different?

Comment 4 Rob James 2009-05-26 16:36:18 UTC

Nothing different really. The version of Proxy was the 0.6 nightly up-to-date as of the date I added the bugzilla report. I'm afraid I've had to use that host for something else since then so I don't have a Spacewalk Proxy to test right now -- maybe Miroslav might be able to test again?

Comment 5 Tomas Lestach 2009-06-03 13:18:59 UTC

I tried to reproduce it again without any success. Passing to ON_QA to verify.

Comment 6 Miroslav Suchý 2009-09-10 12:05:57 UTC

Spacewalk 0.6 released

Note You need to log in before you can comment on or make changes to this bug.